The New York Times today alleged that hackers from China had successfully compromised its IT networks in a cyberattack that went on for four months before detection. The Times believes the attack was related to one of its stories on China’s prime minister.
“For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees,” Nicole Perlroth wrote in the Times. “After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in. The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. “
InformationWeek’s Matthew J. Schwartz noted that the hackers are believed to have stolen “the corporate passwords for every employee” and to have compromised “the home PCs of multiple reporters.” He added, “According to investigators at Mandiant — the security firm hired by the Times on Nov. 7 to investigate the ongoing attacks — the sophisticated, advanced persistent threat (APT) attacks were launched by China. ‘If you look at each attack in isolation, you can’t say, This is the Chinese military,‘ said Richard Bejtlich, Mandiant’s chief security officer. But based on the attackers’ malicious code, hacking techniques and command-and-control networks, Mandiant said it had tied the attacks to a group operating from China that it’s dubbed ‘A.P.T. Number 12.'”
Wired’s Kim Zetter wrote, “During the three months they were in the paper’s network, the attackers installed 45 pieces of custom malware, though nearly all of it went undetected. Although the newspaper uses antivirus products made by Symantec, the monitoring software identified and quarantined only one of the attacker’s tools during that time, according to the report.”
The Verge’s Chris Welch observed, “China is staunchly denying a report from The New York Times that suggests its military colluded with hackers to launch a four-month cyber attack against the US newspaper. Foreign Ministry spokesman Hong Lei took a harsh tone in responding to the NYT’s accusations. ‘The competent Chinese authorities have already issued a clear response to the groundless accusations made by The New York Times,’ he told reporters earlier today. ‘To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible.'”